nixos/netbird: open up 0.59.0+ DNS forwarder port (#458138)

2025-11-04 20:41:01 +00:00
parent 1af3170eef d28ff2232d
commit 999a7ab99f
1 changed files with 13 additions and 2 deletions
--- a/nixos/modules/services/networking/netbird.nix
+++ b/nixos/modules/services/networking/netbird.nix
@@ -231,6 +231,14 @@ in
                '';
              };

+              openInternalFirewall = mkOption {
+                type = bool;
+                default = true;
+                description = ''
+                  Opens up internal firewall ports for the NetBird's network interface.
+                '';
+              };
+
              hardened = mkOption {
                type = bool;
                default = true;
@@ -502,8 +510,11 @@ in
        interfaces = listToAttrs (
          toClientList (client: {
            name = client.interface;
-            value.allowedUDPPorts = optionals client.openFirewall [
-              5353 # required for the DNS forwarding/routing to work
+            value.allowedUDPPorts = optionals client.openInternalFirewall [
+              # note: those should be opened up by NetBird itself, but it needs additional
+              #  NixOS -specific debugging and tweaking before it works
+              5353 # <0.59.0 DNS forwarder port, kept for compatibility with those clients
+              22054 # >=0.59.0 DNS forwarder port
            ];
          })
        );